Hi Jeremy,
what is the plan really with libressl and libressl-devel?
We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
and now 2.7.1 is out.
I would just prepare an udate of libressl to 2.7.1,
but I want to as kfirst: why do we have "devel".
LibreSSL themselves make no such distinction,
these are just "releases".
Jan
PS: specific MacOS fixes here
On Mar 23 20:17:39, bust...@gmail.com wrote:
> We have released LibreSSL 2.7.1, which will be arriving in the
> LibreSSL directory of your local OpenBSD mirror soon. This is the second
> release from the 2.7 series, which will be part of OpenBSD 6.3.
>
> It includes the following changes from 2.7.0
>
> * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
> length provided is 0 to match the OpenSSL behaviour. Issue noticed
> by Christian Heimes <christ...@python.org>
>
> * Fixed builds macOS 10.11 and older.
>
> LibreSSL 2.7.1 also includes:
>
> * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
> observations of real-world usage in applications. These are
> implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
> changes have not been made to existing structs, allowing code written
> for older OpenSSL APIs to continue working.
>
> * Extensive corrections, improvements, and additions to the
> API documentation, including new public APIs from OpenSSL that had
> no pre-existing documentation.
>
> * Added support for automatic library initialization in libcrypto,
> libssl, and libtls. Support for pthread_once or a compatible
> equivalent is now required of the target operating system. As a
> side-effect, minimum Windows support is Vista or higher.
>
> * Converted more packet handling methods to CBB, which improves
> resiliency when generating TLS messages.
>
> * Completed TLS extension handling rewrite, improving consistency of
> checks for malformed and duplicate extensions.
>
> * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
> This removes the last remaining use of the old M_ASN1_* macros
> (asn1_mac.h) from API that needs to continue to exist.
>
> * Added support for client-side session resumption in libtls.
> A libtls client can specify a session file descriptor (a regular
> file with appropriate ownership and permissions) and libtls will
> manage reading and writing of session data across TLS handshakes.
>
> * Improved support for strict alignment on ARMv7 architectures,
> conditionally enabling assembly in those cases.
>
> * Fixed a memory leak in libtls when reusing a tls_config.
>
> * Merged more DTLS support into the regular TLS code path, removing
> duplicated code.
>
> * Many improvements to Windows Cmake-based builds and tests,
> especially when targeting Visual Studio.
>
> Thanks for all of the testing, suggestions, and updates from the porting
> community. We look forward to releasing a final stable version in a few
> weeks.
>
> The LibreSSL project continues improvement of the codebase to reflect modern,
> safe programming practices. We welcome feedback and improvements from the
> broader community. Thanks to all of the contributors who helped make this
> release possible.
>
